The State Security Service may deprive the ‘big four’ audit companies of their licenses to work with Russian state secrets if they refuse to relocate data servers to Russia and limit access to them from abroad, a popular business daily reports.

Unnamed sources in two of the ‘big four’ companies (Deloitte, EY,
PwC and KPMG) have told the Vedomosti newspaper that the FSB had
revoked the license for working with state secrets from the
Russian company K-konfident that, in turn, provided the services
to KPMG. There was no official confirmation of this report from
either side, but it led to further questioning and a source
“close to the FSB” told Vedomosti that soon all four audit majors
could lose their licenses for working with Russian state secrets.

According to the source, the security service seeks to change the
auditors’ approach to data storage – Russia wants all data
servers with information related to state secrets moved on
Russian territory and they want the international companies to
restrict the access to this data from their foreign branches and
headquarters.

The source added that the Russian Federal Security Agency had
been dissatisfied with the auditors’ handling of sensitive data
for quite a long time, but the recently-passed laws give
additional leverage to the security agents and it is likely that
this time they will succeed.

Russian law on state secrets lists as such all information
relating to the national defense and strategic industries,
including such major sectors of the economy as weapons
manufacture and nuclear energy. Especially important inventions
and science breakthroughs are also listed as state secrets and so
is all information about the discovered supplies and the
production volume of strategic mineral resources.

The law also lists as classified the information on state
financial policies towards foreign nations as well as any
information on Russia’s financial sector if its early publication
might harm national interests.

Sources in the auditing companies claimed that the new rules can
give law enforcers an effective means of pressuring the auditors
by impounding the data servers. They added that data storage was
more expensive in Russia than abroad. However, the KPMG company
told Vedomosti that it had already moved all data servers inside
Russian borders and therefore expected no problems with
prolongation of their licenses.

The newest Russian law, passed by the parliament in early July
and coming into force on September 1, orders all internet
companies collecting personal information from Russian citizens
are obliged to store that data inside the country. The sponsors
of the motion believe it is in tune with the current European
policy of trying to legally protect online personal data.

The deputy chairman of the State Duma Committee on Information
Policy, Leonid Levin, said the Russian law serves goals similar
to those of the recent decision by European Court of Justice,
which endorsed the so-called ‘right to be forgotten’, obliging
Google to remove upon request links to personal data.

In mid-June this year MP Evgeny Fyodorov of the parliamentary
majority party United Russia said he was readying a bill that would
completely ban banning state-owned companies from using the
services of US consulting firms and their subsidiaries. Fyodorov
said the move would protect the Russian economy from direct
foreign influence and hidden manipulation.